Remix.run Logo
venamresm__ a day ago

In the ASN.1 space everyone hopes that someone can dethrone OSS Nokalva's proprietary solutions

woodruffw a day ago | parent | next [-]

I think it's context-dependent: I don't have insight into OSS Nokalva's use inside big companies, but in the Open Source world it certainly isn't dominant.

In Open Source, I think the biggest ASN.1 implementations I come across are OpenSSL's, libtasn1, asn1c, and then per-language implementations like pyasn1.

venamresm__ 11 hours ago | parent | next [-]

Most of the open source tools need patching to properly support certain scenarios (been there done that). They also lack support for parsing ASN.1 Value Notation format (textual), which is used everywhere in specifications, OSS Nokalva offers the full set of tools to handle this even with a playground and ASN.1 editor, this is non-existent in open source right now. For now the open source tools only focus on the crypto aspect, and doesn't really dive into telco, banking, biometric, and others.

nicce a day ago | parent | prev | next [-]

Basically any commercial ASN.1 compiler prevents usage of the output in any open-source project. There is that.

sobkas a day ago | parent [-]

Licence also prevent you from modifying generated code.

cryptonector 15 hours ago | parent | prev [-]

https://github.com/heimdal/heimdal/tree/master/lib/asn1

memling a day ago | parent | prev | next [-]

> In the ASN.1 space everyone hopes that someone can dethrone OSS Nokalva's proprietary solutions

You're buying more than a compiler and runtime, though: you're also getting an SLA and a stricter guarantee about interoperability and bugs and so forth. I have no idea how good their support is (maybe it's atrocious?), but these are important. I had a client who relied on the open-sourced asn1c once who complained about some of the bugs they found in it; they got pushed into buying commercial when the cost-benefit outweighed the software licensing issues.

cryptonector 15 hours ago | parent [-]

Meh. After all, if you're not using ASN.1 you're using something like ProtocolBuffers or FlatBuffers or whatever and all open source tooling.

memling 3 hours ago | parent [-]

> Meh. After all, if you're not using ASN.1 you're using something like ProtocolBuffers or FlatBuffers or whatever and all open source tooling.

Oh sure--there are plenty of alternatives to ASN.1. My guess is that most people who have the choice don't use ASN.1 precisely because open-source alternatives exist and can feasibly work for most use cases.

But if you happen to have one of the use cases that require ASN.1, open sourced tooling can be problematic precisely because of the need for a robust SLA.

cryptonector 2 hours ago | parent [-]

> But if you happen to have one of the use cases that require ASN.1, open sourced tooling can be problematic precisely because of the need for a robust SLA.

Why would you need a support SLA for ASN.1 and not for PB/FB? That makes no sense. And there's plenty of open source ASN.1 tooling now -- just look around this thread!

cryptonector 15 hours ago | parent | prev [-]

I don't have the time, though I do have the inclination, to finish Heimdal's ASN.1 compiler, which is already quite awesome. u/lukeh used Heimdal's ASN.1 compiler's JSON transformation of modules output to build an ASN.1 compiler and runtime for Swift.